Description

If an organization wants to benefit from the Palmera Safe module and utilities, its Safe has to call `PalmeraModule::registerOrg` with `orgName`. The problem is that if a name that already exists is provided, the transaction will revert inside `_createOrgOrRoot`:
```solidity
/// @notice Refactoring method for Create Org or RootSafe
/// @dev Method Private for Create Org or RootSafe
/// @param name String Name of the Organisation
/// @param caller Safe Caller to Create Org or RootSafe
/// @param newRootSafe Safe Address to Create Org or RootSafe
function _createOrgOrRoot(
    string memory name,
    address caller,
    address newRootSafe
) private returns (uint256 safeId) {
    if (bytes(name).length == 0) {
        revert Errors.EmptyName();
    }
    // When a Safe registers itself as a new org, the org key is derived from the name alone.
    bytes32 org = caller == newRootSafe
        ? bytes32(keccak256(abi.encodePacked(name)))
        : getOrgHashBySafe(caller);
    // Any earlier registration with the same name makes this call revert.
    if (isOrgRegistered(org) && caller == newRootSafe) {
        revert Errors.OrgAlreadyRegistered(org);
    }
    if (isSafeRegistered(newRootSafe)) {
        revert Errors.SafeAlreadyRegistered(newRootSafe);
    }
    // ... (the excerpt in the report ends here)
```
Malicious actors could weaponize this to prevent famous organizations from using the Palmera module.

Attack Scenario

1. Uniswap wants to create a Palmera module and calls `registerOrg` with "Uniswap" as the parameter.
2. A malicious actor sees the transaction, front-runs it from their own Safe, and executes it.
3. Uniswap's transaction reverts.

This can be repeated an unlimited number of times.
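
One possible mitigation for the revert described above, shown as an added example that is neither Palmera's code nor the reporter's revised code: bind the org key to the registering Safe so that another caller's registration can never occupy the same key. The contract and its names (`OrgRegistryExample`, `orgOwner`, `registerOrgByName`, `registerOrgBound`) are hypothetical, and it assumes nothing else in the system needs the name hash to be globally unique.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration (hypothetical contract, not Palmera code): contrasts a
/// name-only org key with a key that binds the name to the calling Safe.
contract OrgRegistryExample {
    error EmptyName();
    error OrgAlreadyRegistered(bytes32 org);

    /// org key => Safe that registered it
    mapping(bytes32 => address) public orgOwner;

    /// Name-only key, as in the excerpt above: the first caller to use a
    /// name owns the key, and every later caller with that name reverts.
    function registerOrgByName(string calldata name) external returns (bytes32 org) {
        if (bytes(name).length == 0) revert EmptyName();
        org = keccak256(abi.encodePacked(name));
        if (orgOwner[org] != address(0)) revert OrgAlreadyRegistered(org);
        orgOwner[org] = msg.sender;
    }

    /// Caller-bound key: the key depends on (name, msg.sender), so a
    /// registration made from a different Safe produces a different key and
    /// cannot cause this caller's registration to revert.
    function registerOrgBound(string calldata name) external returns (bytes32 org) {
        if (bytes(name).length == 0) revert EmptyName();
        org = keccak256(abi.encode(name, msg.sender));
        // Only the same Safe registering the same name twice hits this check.
        if (orgOwner[org] != address(0)) revert OrgAlreadyRegistered(org);
        orgOwner[org] = msg.sender;
    }
}
```

With the caller-bound key, names are no longer unique across Safes, so any lookup or display that identifies an org by name alone has to include the owning Safe address as well.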
Attachments
Proof of Concept (PoC) File
Will provide if needed
Revised Code File (Optional)
Will provide in comments.
Github username: --
Twitter username: --
Submission hash (on-chain): 0xc46d278eea07d5ad637bc97a456f2e840045d88cf91697cfde72bd2cad87b5df
Severity: medium